Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add dependabot for Dockerfiles #580

Merged
merged 3 commits into from
Jan 16, 2024
Merged

Add dependabot for Dockerfiles #580

merged 3 commits into from
Jan 16, 2024

Conversation

halamix2
Copy link
Member

Description

Changes proposed in this pull request:

  • Add dependabot for Dockerfiles

Related issue(s)

@kyma-bot kyma-bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jan 12, 2024
@kyma-bot
Copy link
Contributor

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@kyma-bot kyma-bot added cla: yes Indicates the PR's author has signed the CLA. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Jan 12, 2024
@halamix2 halamix2 marked this pull request as ready for review January 12, 2024 12:13
@kyma-bot kyma-bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jan 12, 2024
@halamix2 halamix2 mentioned this pull request Jan 15, 2024
Closed
5 tasks
halamix2
halamix2 commented Jan 15, 2024
View reviewed changes
.github/dependabot.yml Outdated
prefix: "java17"
include: "scope"
- package-ecosystem: "docker"
directory: "/components/runtimes/nodejs/nodejs16"
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

NodeJS base images are pinned by SHA, do we want to enable Dependabot for them?

halamix2
halamix2 commented Jan 15, 2024
View reviewed changes
.github/dependabot.yml Outdated
prefix: "manager"
include: "scope"
- package-ecosystem: "docker"
directory: "/components/serverless/deploy/webhook"
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Images pinned to SHA; pinning europe-docker.pkg.dev/kyma-project/prod/external/* is not necessary, as the implementation of the syncer guarantees the synced tags are immutable

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

webhook is no longer deployed as of #247

halamix2
halamix2 commented Jan 15, 2024
View reviewed changes
.github/dependabot.yml
prefix: "jobinit"
include: "scope"
- package-ecosystem: "docker"
directory: "/components/serverless/deploy/manager"
Copy link
Member Author

@halamix2 halamix2 Jan 15, 2024
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Images pinned to SHA; pinning europe-docker.pkg.dev/kyma-project/prod/external/* is not necessary, as the implementation of the syncer guarantees the synced tags are immutable; this can be done in another step

halamix2
halamix2 commented Jan 15, 2024
View reviewed changes
.github/dependabot.yml
include: "scope"

- package-ecosystem: "docker"
directory: "/components/serverless/deploy/jobinit"
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Images pinned to SHA; pinning europe-docker.pkg.dev/kyma-project/prod/external/* is not necessary, as the implementation of the syncer guarantees the synced tags are immutable

@halamix2
Copy link
Member Author

/hold

@kyma-bot kyma-bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jan 16, 2024
@kyma-bot kyma-bot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Jan 16, 2024
@halamix2
Copy link
Member Author

/unhold

@kyma-bot kyma-bot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jan 16, 2024
kwiatekus
kwiatekus requested changes Jan 16, 2024
View reviewed changes
.github/dependabot.yml Outdated
prefix: "manager"
include: "scope"
- package-ecosystem: "docker"
directory: "/components/serverless/deploy/webhook"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

webhook is no longer deployed as of #247

@kwiatekus kwiatekus assigned halamix2 and unassigned kwiatekus Jan 16, 2024
@halamix2 halamix2 assigned kwiatekus and unassigned halamix2 Jan 16, 2024
@kyma-bot kyma-bot added the lgtm Looks good to me! label Jan 16, 2024
@kyma-bot kyma-bot merged commit c170c4b into kyma-project:main Jan 16, 2024
17 checks passed
@halamix2 halamix2 deleted the dependabot-images branch January 16, 2024 10:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kwiatekus kwiatekus kwiatekus approved these changes

@pPrecel pPrecel Awaiting requested review from pPrecel pPrecel is a code owner

@dbadura dbadura Awaiting requested review from dbadura dbadura is a code owner

@Cortey Cortey Awaiting requested review from Cortey Cortey is a code owner

@anoipm anoipm Awaiting requested review from anoipm anoipm is a code owner

@MichalKalke MichalKalke Awaiting requested review from MichalKalke MichalKalke is a code owner

Assignees

@kwiatekus kwiatekus

Labels
cla: yes Indicates the PR's author has signed the CLA. lgtm Looks good to me! size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@halamix2 @kyma-bot @kwiatekus